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DETAILED ACTION 

1 . This Office Action is taken in response to Applicant's Amendment filed on August 
29, 2005 regarding application 09/825,905 filed on April 4, 2001. 

2. Claims 1-24 are pending in the application under consideration. 
Claims 1-3, 5-6, 11, 13, 15, 19 and 24 have been amended. 

3. Response to Amendments and Remarks 

Applicant's amendments and remarks have been fully and carefully considered 
with the results set forth below. 

As to remark on claim 7 : 

Applicants contend that the examiner treats the "privileged instruction" and the 
"information to be protected" as the same entity (element 14 of figure 3), and that the 
instructions are not used to control access to "data.". The examiner disagrees with 
these assessments. 

First of all, the "information to be protected" can be either "instruction (or 
programs" or "data," as illustrated in figure 3. 

Second, as far as "instructions" are concerned, there may be a plurality of 
segments (figure 1 1) all associated with instructions. Among these instruction 
segments, some of the "regions" are specifically protected and permission is needed to 
access them (figures 19-20), and the rest of them may be accessed without specially 
permission. Those instructions reside in the "protected" regions are "privilege" 
instructions that can only be accessed by entities with special privilege, or permission, 
such as the operating system. In other words, although "privileged instructions" are part 
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of the "instruction" body, the segmentations and assigned protection attributes divide 
the entire "instruction" body into a plurality of different "instruction" entities, as illustrated 
in figures 19-20, instead of being the same element as alleged by Applicants. 

Third, the execution of a protected/privilege instruction may change the current 
memory protection information, which in turn may change the permission of the 
segments of "instruction" or "data" to be accessed next. This is explained in column 13, 
lines 36-67 [a control unit (figure 3, 16) for updating the current memory protection 
information (figure 3, 17) by the target memory protection information (figure 3, 18) in 
case the instruction access causing the segment transition is permitted] and also 
reflected in figure 3. Note that the change of protection permission associated with 
segments due to the execution of a privilege/protected instruction may affect an 
"instruction" segment as well as a "data" segment, as shown in figure 3. 

Therefore, the examiner's position regarding the patentability of claim 7, and 
those claims dependent from it, remain the same as stated in the previous Office Action. 

As to amendments on claims 1-2, 11, 1 5, 19 and 24 : 

These claims are now amended with new, additional limitation of "a first table" 
and "a second table," and "controlling access to the selected information using a 
second table that associates at least one of a read and write privilege with one or 
more physical addresses ..." 

In response to the amendments, a new round of claim analysis based on the 
same references (Nozue et al., US 5,890,189 and Childs, Jr. et al., US 4,442,484) cited 
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in the previous Office Action has been embarked. Refer to the corresponding sections 
of claim analysis for details. 

Claim Rejections - 35 USC § 102 

4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

5. Claims 1-4, 7-9, 11-13, 15-17, 19-21, and 24 are rejected under 35 U.S.C. 102(b) 
as being anticipated by Nozue et al. (US 5,890,189). 

As to claim 1, Nozue et al. disclose a method for providing security in a 
computer system [Memory Management and Protection System for Virtual Memory in 
Computer System (title)], comprising: 

Controlling access to selected information using attributes defined in a first 
table [figure 45 shows the first table]; 

Controlling access to the selected information using a second table [the second 
table is shown in figure 24A, 31, which is in the form of a TLB (column 24, lines 52-67; 
column 25, lines 1-67)] that associates at least one of a read an write privilege 
[figure 24A, shows the "r,w,x" indication of the read/write privilege] with one or more 
physical address of a memory that houses the selected information [figure 24A 
shows the protection associated with a plurality of physical address space, the physical 
page numbers] ; 

receiving a request from a program to access the information [a program number 
uniquely assigned to each program is utilized to distinguish a plurality of programs 
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which can make access to the memory (column 1, lines 21-26); figure 24A shows the 
thread numbers associated with the access requests; figures 43 and 45]; and 
allowing access to the information in response to determining that the program 
has the authority to access the information based on at least one of the read and 
write privilege [a dedicated memory region can be secured for each program by 
assigning a unique program number available only to that program (column 1 , lines 55- 
61); figure 1 1 shows the protection associated with a plurality of address space, the 
protection bits including the read permission bit (91), the write permission bit (92), and 
the execution permission bit (89); figure 24A, shows the "r,w,x" indication of the 
read/write privilege; figure 37 shows the "r,w,x" access right associated with each 
program thread]. 

As to claim 2, Nozue et al. disclose that controlling access to the selected 
information based on the privilege comprises: 

indicating in the second table that the memory housing the information is at 
least one of read and write disabled [the second table is shown in figure 24A, 31, 
which is in the form of a TLB (column 24, lines 52-67; column 25, lines 1-67); figure 
24A, shows the "r,w,x" indication of the read/write allowable status; figure 34; figure 1 1 
shows the protection associated with a plurality of address space, the protection bits 
including the read permission bit (91), the write permission bit (92), and the execution 
permission bit (89)]. 

As to claim 3, Nozue et al. disclose that the second table is a bitmap based on 
physical addresses of the memory [figures 11, 34, 35A, and 37]. 
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As to claim 4, Nozue et al. disclose that the program is an operating system 
[the program may be an operating system (column 3, lines 21-26)]. 

As to claim 7, Nozue et al. disclose a method for providing security [Memory 
Management and Protection System for Virtual Memory in Computer System (title)], 
comprising: 

writing to at least one register to define a privileged memory region [a current 
memory protection information register, figure 3, 17; column 13, lines 35-67]; 
defining at least one computer instruction as a privileged instruction, wherein 
the privileged instruction is resident in the privileged memory region [figure 3, 14 
shows the instruction access permission signal generator which defines and controls 
the access to a privileged memory (i.e. the instruction) region. Note that each 
instruction inside the privileged memory region is treated as a privileged instruction]; 
identifying information for protection [figure 3 shows the protection for both 
instruction (14) and data (15) memory]; 

indicating at least one physical address of a memory that houses the information 
as at least one of read and write disabled [figure 1 1 shows the protection associated 
with a plurality of address space, the protection bits including the read permission bit 
(91), the write permission bit (92), and the execution permission bit (89)]; and 
controlling the access to the information using the privileged instruction [a 
dedicated memory region can be secured for each program by assigning a unique 
program number available only to that program (column 1, lines 55-61)]. 
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As to claim 8, Nozue et al. disclose writing to a second register, wherein the 
first and second registers define the privileged memory region [figure 3 shows a 
second register, a target memory protection information register (18, column 13, lines 
35-67); figure 43 further shows that two registers (the start and end address registers) 
that defines the protection region]. 

As to claim 9, refer to "As to claim 2." 

As to claim 1 1 , Nozue et al. disclose a computer readable program storage 
device encoded with instructions [figures 48, 50, and 54 show the program flow 
diagrams that implement the protection mechanism] that, when executed by a 
computer, performs a method of providing security, comprising: 
protecting selected information using a first level of security specifying access 
privileges to the selected information [the first level of security is shown in the table 
of figure 45, which indicate which program has the privilege to access which selected 
information]; 

protecting the information using a second level of security that associates at 
least one of a read and write privilege with one or more addresses of a memory 
that houses the selected information [the secondlevel of security is illustrated in 
figure 24A, 31 , which is in the form of a TLB (column 24, lines 52-67; column 25, lines 
1-67); figure 24A, shows the "r,w,x" indication of the read/write privilege; figure 24A 
shows the protection associated with a plurality of physical address space, the physical 
page numbers]; 
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receiving a request from a program to access the information [a program number 
uniquely assigned to each program is utilized to distinguish a plurality of programs 
which can make access to the memory (column 1, lines 21-26); figure 24A shows the 
thread numbers associated with the access requests; figures 43 and 45]; and 
accessing the information in response to determining that the program has the 
authority to access the selected information based at least on the second 
security level [figure 54, step S35, "is it access permitted by ACL, which is part of the 
TBL, the second table (figure 24A) based on which the second level of security is 
operated]. 

As to claim 12, Nozue et al. teach that indicating at least one physical 
address of the memory includes: 

generating a table [figures 1 1 , 43 and 45] based on the physical addresses of the 
memory; and indicating in the table that the memory housing the information is 
at least one of read and write disabled [figure 1 1 shows the protection associated 
with a plurality of address space, the protection bits including the read permission bit 
(91), the write permission bit (92), and the execution permission bit (89)]. 

As to claim 13, Nozue et al. disclose that the table includes an entry 
specifying access rights to the selected information based on one or more 
programs desiring to access the selected information [figures 43 and 45 show 
which program ID has the right to access which memory region]. 

As to claim 1 5, refer to "As to claim 1" and "As to claim 1 1 ." 

As to claim 16, refer to "As to claim 12." 
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As to claim 17, refer to "As to claim 4." 

As to claim 19, refer to "As to claim 1 ." It should be noted that although the 
figures do not show a processor, it is understood that a computer system inherently 
has at least one processor. 

As to claim 20, refer to "As to claim 12." 

As to claim 21 , refer to "As to claim 4." 

As to claim 24, refer to "As to claim 1 ." 

Claim Rejections - 35 USC § 103 

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

7. Claims 5-6, 10, 14, 18, 22 and 23 are rejected under 35 U.S.C. 103(a) as being 

unpatentable over Nozue et al. (US 5,890,189), and in view of Childs, Jr. et al. (US 
4,442,484). 

With respect to claims 5, 10, 14, 18, and 22, Nozue et al. do not mention that the 
information is at least one of interrupt descriptor table, global descriptor table, 
and local descriptor table. However, Childs, Jr. et al. teach in their invention 
"Microprocessor Memory Management and Protection mechanism" a memory 
management and protection mechanism in which access to protected entities is 
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controlled. The protected entities include main memory segments, gates, task state 
segments, and descriptor tables (column 4, lines 17-24). Particularly, the descriptor 
tables under protection are three classes of descriptor tables: interrupt descriptor table, 
global descriptor table, and local descriptor table (column 5, lines 20-40). Providing 
protection for these descriptor tables allows full multitasking, real-time executive with 
task, communications, and space management facilities, as more complex 
microcomputer systems are usually interrupt driven (column 1, lines 20-23). Therefore, 
it would have been obvious for ones of ordinary skills in the art at the time of 
Applicants' invention to recognize the benefits of offering protection for descriptor 
tables, as demonstrated by Childs, Jr. et al., and to incorporate it into the existing 
memory protection mechanism disclosed by Nozue et al. to further enhance the 
performance of the system. 

As to claim 6, Childs, Jr. et al. teach that accessing the information in 
response to determining that the program has the authority to access the 
information includes using a stack of the computer system to verify the identity 
of the program [information is pushed on the stack (column 9, lines 30-40). 

As to claim 23, Childs, Jr. et al. teach that the processor disclosed in their 
invention is a microprocessor of the Intel 8086 family (column 1, lines 9-19). 
8. Related Prior Art 

The following list of prior art is considered to be pertinent to applicant's invention, 
but not relied upon for claim analysis conducted above. 
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■ Lai, (US 5,075,842), "Disabling Tag Bit Recognition and Allowing Privileged 

Operations to Occur in an Object-Oriented Memory Protection mechanism." 

■ Elward, (US 3,970,999), "Memory Expansion Apparatus" 

■ Freeman et al., (US 4,677,546), "Guarded Regions for Controlling Memory 
Access." 

■ Samson et al., (US 5,995,750), "Memory Protection System for a Multi-Tasking 

System." 

■ Devanagundy et al., (US 6,148,384), "Decoupled Serial Memory Access with 

Passkey Protected Memory Areas." 

Conclusion 

9. Claims 1-24 are rejected as explained above. 

10. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 
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1 1 . Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Sheng-Jen Tsai whose telephone number is 571-272- 
4244. The examiner can normally be reached on 8:30 - 5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Matthew Kim can be reached on 571-272-4182. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 



Sheng-Jen Tsai 
Examiner 
Art Unit 2186 
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